Information on Third-party Vendor Security Incident

To the Campus Community:

It has been brought to our attention that a data breach has occurred involving three third-party organizations associated with the State University of New York (SUNY) and Farmingdale State College (FSC). Specifically, the breach affected “MOVEit,” a file transfer tool.

While no systems operated or maintained by FSC were included in the breach, we are informing our campus community and encouraging you to consider taking precautionary steps to protect your personal information.

The cyberattack affected National Student Clearinghouse (NSC), Teachers Insurance and Annuity Association (TIAA), and Corebridge Financial (formerly AIG). Student data is sent to the NSC as required by the U.S. Department of Education. Data for some employees is sent to TIAA and Corebridge Financial to support retirement services.

It is important to note that individuals impacted by the breach will receive information concerning next steps directly from the companies involved. NSC is providing information about their response on their webpage. Corebridge Financial has also established a dedicated webpage to provide more information and a FAQ. And, TIAA’s partner, Pension Benefit Information, LLC, has posted information and resources on their webpage.

As always, we remind you of the steps you can take to best protect yourself and your privacy:

1. Be vigilant: Cybercriminals leverage stolen personal information to conduct phishing attacks. An email, notice, or text message containing accurate information about your accounts is not enough to verify authenticity. Always verify the source of a message before responding. Calls may also be used to obtain personal or financial information.
2. Monitor your financial accounts and credit: Monitor your credit report for unusual activity. If you believe you are being targeted, consider putting a credit freeze in place to frustrate would-be scammers.
3. Secure your accounts: Remember to enable multi-factor authentication and to use long passphrases for all your accounts. Never give someone your password or a multi-factor code if asked for it, even if they claim to be from a trusted organization.
4. Refer to the Farmingdale State College Information Security Webpage for additional guidance for safe computing practices.

As you know, FSC takes data privacy and information security very seriously and is vigilant in securing data, identifying risks, and reminding the campus community about potential cyberthreats. We will continue working with SUNY System Administration to monitor this situation and will be sure to provide further updates should we learn more.

Gregory O'Connor
Executive Vice President & Chief Financial Officer